Complexity Simplified

VMware NSX-v 6.4 Released

01/16/2018

VMware has released version 6.4.0 of NSX for vSphere. The information below is straight from the release notes. A lot of new goodness has been added around DFW services, and I was pleased to note that the NSX UI plugin for the HTML5 vSphere Client is included. Another interesting feature is that IPv6-to-IPv4 NAT (NAT64) has been added to the ESG.

Distributed Firewall rules can now be created as stateless rules at a per DFW section level.

Distributed Firewall supports VM IP realization in the hypervisor. This allows users to verify if a particular VM IP is part of a security group/cluster/resourcepool/host which is used in the source, destination, or appliedTo fields of a DFW rule.

IP address discovery mechanisms for VMs: Authoritative enforcement of security policies based on VM names or other vCenter-based attributes requires that NSX know the IP address of the VM. NSX 6.2 introduced the option to discover the VM’s IP address using DHCP snooping or ARP snooping. In NSX 6.4.0, the number of ARP-discovered IPs has been increased up to 128 and is configurable from 1 to 128. These new discovery mechanisms enable NSX to enforce IP address-based security rules on VMs that do not have VMware Tools installed.

Guest Introspection: For vCenter 6.5 and later, Guest Introspection (GI) VMs are named Guest Introspection (XX.XX.XX.XX), where XX.XX.XX.XX is the IPv4 address of the host on which the GI machine resides. This occurs during the initial deployment of GI.

Improved Navigation Menu: Reduced number of clicks to access key functionality, such as Grouping Objects, Tags, Exclusion List and System Configuration.

Operations and Troubleshooting:

Upgrade Coordinator provides a single portal to simplify the planning and execution of an NSX upgrade. Upgrade Coordinator provides a complete system view of all NSX components with current and target versions, upgrade progress meters, one-click or custom upgrade plans and pre- and post-checks.

A new, improved HTML5 dashboard is available along with many new components. The dashboard is now your default homepage. You can also customize existing system-defined widgets and create your own custom widgets through the API.

New System Scale dashboard collects information about the current system scale and displays the configuration maximums for the supported scale parameters. Warnings and alerts can also be configured when limits are approached or exceeded.

Guest introspection reliability and troubleshooting enhancements. Features such as EAM status notification, upgrade progress, custom names for SVMs, additional memory and more improve the reliability and troubleshooting of GI deployments.

A new Support Bundle tab is available to help you collect the support bundle through the UI with a single click. You can now collect the support bundle data for NSX components like NSX Manager, hosts, edges, and controllers. You can either download this aggregate support bundle or directly upload the bundle to a remote server. You can view the overall status of data collection and the status for each component.

A new Packet Capture tab is available to capture packets through the UI. If there is a host which is not in a healthy state, you can get the packet dump for that host, and the administrator can examine the packet information for further debugging.

You can now enable Controller Disconnected Operation (CDO) mode from the Management tab on the secondary site to avoid temporary connectivity issues. CDO mode ensures that the data plane connectivity is unaffected in a multi-site environment when the primary site loses connectivity.

Multi-syslog support for up to 5 syslog servers.

API improvements including JSON support. NSX now offers the choice of JSON or XML for data formats. XML remains the default for backwards compatibility.

Some of the NSX Edge system event messages now include Edge ID and/or VM ID parameters. For example, event codes 30100, 30014, 30031. These message parameters will not be available for older system events. In such cases, the event message will display {0} or {1} for the Edge ID and/or VM ID parameters.

NSX Edge Enhancements:

Enhancement to Edge load balancer health check. Three new health check monitors have been added: DNS, LDAP, and SQL.

You can now filter routes for redistribution based on LE/GE in prefix length in the destination IP.
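
The LE/GE match described above, as an added example that is not taken from the release notes or from NSX itself. It assumes conventional IP prefix-list semantics (a route matches when it lies inside the prefix and its length falls within GE..LE), first-match rule order, and an implicit deny for unmatched routes; the function names, rule tuples, and sample routes are constructed for illustration.

```python
import ipaddress

def prefix_matches(route, prefix, ge=None, le=None):
    """True if `route` lies inside `prefix` and its length is within GE..LE.

    Assumed semantics (conventional prefix lists, not taken from NSX docs):
    no GE/LE = exact match; GE only = GE..max; LE only = prefix length..LE.
    """
    r = ipaddress.ip_network(route)
    p = ipaddress.ip_network(prefix)
    if r.version != p.version:
        return False
    if ge is None and le is None:
        return r == p
    lo = p.prefixlen if ge is None else ge
    hi = p.max_prefixlen if le is None else le
    if not p.prefixlen <= lo <= hi <= p.max_prefixlen:
        raise ValueError(f"invalid GE/LE bounds for {prefix}: ge={ge} le={le}")
    return r.subnet_of(p) and lo <= r.prefixlen <= hi

def filter_routes(routes, rules):
    """Return routes permitted for redistribution; first matching rule wins.

    Each rule is (action, prefix, ge, le). Unmatched routes are dropped
    (implicit deny is an assumption of this example).
    """
    permitted = []
    for route in routes:
        for action, prefix, ge, le in rules:
            if prefix_matches(route, prefix, ge, le):
                if action == "permit":
                    permitted.append(route)
                break
    return permitted

# Constructed sample data: candidate routes and a two-rule filter.
SAMPLE_ROUTES = ["0.0.0.0/0", "10.0.0.0/8", "10.1.0.0/16",
                 "10.1.2.0/24", "10.1.2.128/25", "192.168.5.0/24"]
SAMPLE_RULES = [
    ("deny", "0.0.0.0/0", None, None),   # never redistribute the default route
    ("permit", "10.0.0.0/8", 16, 24),    # only /16../24 inside 10.0.0.0/8
]

if __name__ == "__main__":
    for route in filter_routes(SAMPLE_ROUTES, SAMPLE_RULES):
        print("redistribute", route)
```

Bounding the upper length with LE keeps overly specific prefixes such as the /25 above out of the redistributed set, while GE excludes the covering aggregate.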